CrazyEngineers
  • Hacked files from Italy-based spying software development firm, Hacking Team have exposed a critical vulnerability in the widely used browser plug-in, the Adobe Flash Player. Two days ago, unidentified hackers managed to break into the Milan-based IT firm and steal 400GB of confidential company data. The main purpose of the well executed hack was to expose the fact that the company was indeed helping oppressive regimes across the world to spy on activists and journalists by selling them the surveillance tool, Da Vinci and another spyware tool called the Remote Control System. While the company’s representatives had claimed in the past that they never sell their creations to sketchy governments, the hacks managed to refute their claims.

    Adobe

    Coming to the main story, the information about the 0day hack was uncovered by the security researchers at #-Link-Snipped-# and verified by the fellows at #-Link-Snipped-#. The documentation written by Hacking Team employees describes the flaw as "the most beautiful Flash bug for the last four years". The leaked files from Hacking Team, show the existence of a zero-day proof-of-concept where the attacker can hijack a victim’s computer though the Flash Player and command it to open an application such as the Windows calculator. While the documents show that the vulnerability is found on Adobe Flash Player 9 and above, external sources have confirmed that the bug has not been patched in the latest version, 18.0.0.194 that runs on Internet Explorer, Chrome, Firefox and Safari. The unnerving news here is that a release version of the proof-of-concept with real attack shellcode was also leaked in the hack. This means nefarious hackers across the world can take the code and execute it willy-nilly on anyone’s computer.

    hackingteam1

    hackingteam2

    The good news here is that Trend Micro claims that an active attack has not yet been spotted in the wild. Representatives from Adobe have also confirmed that they are working on patching the vulnerability and shall be releasing an updated version sometime today. Until then users are being advised to disable the Flash Players in their browsers.

    Source: #-Link-Snipped-#
    Replies
Howdy guest!
Dear guest, you must be logged-in to participate on CrazyEngineers. We would love to have you as a member of our community. Consider creating an account or login.
Replies
  • Satya Swaroop Dash

    MemberJul 8, 2015

    Update: Adobe has released the updated version of the Flash Player with the vulnerability patched, Download now here:
    #-Link-Snipped-#
    Are you sure? This action cannot be undone.
    Cancel
Home Channels Search Login Register